When TCP/IP version 4 was published in 1981 (RFC 791-3) the four byte 4.2 billion addresses seemed like a limitless resource in our nascent networked world. The standard had only three sizes of addresses class […]

Critical ScreenOS Security Flaw: 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Update 4/6/2016: New ScreenOS 6.3r22 release Juniper has now completed the ScreenOS VPN updates with the removal of the DUAL_EC_DRBG and the ANSI X9.31 […]

Junos Disaggregation: “Wish this ran Junos” Is About To Come True For years Juniper has been passing out these stickers in various form factors proclaiming, I Wish This Ran Junos. I’ve saved one of every […]

I’ve added a new certification to the resume, JNCDA – Juniper Networks Certified Design Associate. I’ve always been a big believer in formal learning in my engineering career. Shortly after after starting to use […]

Juniper Learning Bytes is a large collection of short videos demonstrating how to use Juniper products. This is a collection of YouTube playlists that seeks to organize the Juniper Learning Bytes into related collections by […]

Updates in url filtering may be delayed by days in application to sessions Updates to url categorization and blocks do not immediately apply to all urls being filtered. The local cache on the Palo Alto […]

When making changes to the physical interface parameters in an Active/Active cluster, the state changes will sync to the opposite node on commit. The affected interface on the opposite node will change shortly after the […]

Juniper launched a riff on March Madness in 2013 they call “Lab Madness” asking for contributions on lab setups. I don’t really have an extensive or expensive setup, but I have found that working in […]

I have always been a big believer in life-long learning or ongoing education in my chosen spheres of work. For most of my engineering career this has taken the form of reading books, trade publications […]

In August of 2012 Juniper created the Ambassador program to recognize community members that show a strong commitment to help others with their networking needs. I’m happy to be one of the first seven community […]

Product: ScreenOS Version: 6.0 and higher Network Topology The local trust zone server has a public ip address assigned for accessing services. This has two policies created. One allows destination nat for the untrust internet […]

Product: ScreenOS Version: 6.0 and higher Network Topology Two sites that each have redundant internet connections. This establishes two VPN tunnels and uses OSPF to set routing priorities over the tunnels to use the primary […]

Product: ScreenOS Version: 6.0 and higher Network Topology Two sites connected by VPN with one site having two internet access connections. They connect using policy based VPN. Description: This configuration has a redundant internet link […]

Product: ScreenOS Version: 6.0 and higher Network Topology Two sites are connected via a route based VPN, server site and public IP site. The local public ip site publishes a policy to allow internet access […]

Product: ScreenOS SSG Series Version: 6.2 and up Network Topology: Network diagram: Hub and spoke VPN with multiple sites using point to multipoint Two sites routing VPN with SSG Two sites Policy VPN with any […]

ScreenOS provide two methods to reset a device to the factory default settings. Hard reset (Pinhole reset) Soft reset (Console login) The pinhole reset method can be difficult to achieve if you do not have […]

Product: ScreenOS SSG Series Version: 6.0 and up Network Topology: Network diagram: Two sites connect via IPEC VPN across the internet. The internet requests from the remote site are forwarded down the VPN tunnel to […]

Product: ScreenOS Version: 6.0 and higher Network Topology Two firewall interfaces configured in untrust zone. One for each internet service provider using ethernet0/0 and ethernet0/1. Description: You can setup a second internet service as a […]

Product: ScreenOS SSG Series Version: 6.0 and up Network Topology: Network diagram: Two sites that have internet connections and a firewall that supports IPSEC VPN. This procedure creates the Virtual Private Network across the internet […]

Product: ScreenOS wireless series Version: 6.2R7 and above There is a RADIUS bug in code below this release that can cause a system reboot when RADIUS authentication is denied for the client. Network Topology: Network […]

Purpose Most JUNOS based equipment provides a dedicated management ethernet port to create a separate management network. This allows connection and management of the devices independent on the operation and access of the production network. […]

Network Engineer & Cantor

On Saturday November 18 2017 the first meeting for the Pittsburgh chapter of the Society of St. John Chrysostom was held at the Byzantine Catholic Seminary on Pittsburgh’s northside. Founded in London, UK in 1926, […]